Printer-related security breaches affect 63% of enterprises

It almost makes us long for the old ditto machines...

Accordingly, 63% of businesses surveyed admit to experiencing one or more print-related data breaches.

A Nuance-sponsored white paper published by research and analyst company Quocirca points out that printers are increasingly becoming a security hole for leaking sensitive company or client information. Many organizations are streamlining workflows associated with paper-based documents – either for efficiency, legal or environmental reasons – and the office-based networked and multi-functional printer (MFP) printer is playing a greater role in helping them achieve their document-related goals.

Despite the greater reliance on MFPs and their role in the document lifecycle, many businesses leave themselves exposed to potential data breaches, both policy and device-related. However, some verticals are more at risk than others. When breaking down the 63% of companies that have been breached via printer technologies, 66% of financial services had at least one print-related security breach; but only 16% (under one in four of those) had more than one – indicating that they learned from their mistakes. In contrast, the public sector, where 90% of organizations had at least one breach, 35% (just under one in three) expereinced more than one incident.

Quocirca noted that in previous research it found that the top three reasons for print security not being adopted were low priority (92%), unawareness of benefits (71%) and lack of a print security strategy (65%). Many businesses still appear to be unaware about the security risks that MFPs pose, and what solutions are available to mitigate such risks.

“Clearly businesses are not doing enough to protect their printing environment, exposing themselves to the potential financial and legal ramifications of print-related breaches,” Quocirca noted. “Businesses may be working hard to protect electronic data across email, PCs, laptops, mobile devices and USB sticks, however the threat of data breaches remains if the one time any confidential or sensitive information is printed, it is left exposed to unauthorized access.”

As for mitigation strategies, secure printing, also known as pull printing, ensures that documents are only released upon user authentication, using a PIN code, smart card or biometric fingerprint recognition, the firm noted. Secure pull printing also reduces waste by eliminating unclaimed documents from ever being printed in the first place and provides printing for mobile users, enabling print jobs to be released at any MFP across the network.

Audited MFP usage, meanwhile, supports compliance needs. Many secure printing tools offer audit and reporting capabilities to track print, copy, scan and fax usage. User authentication enables businesses to monitor who printed what document at what time and on which device. This provides an audit trail and enables patterns of misuse and/or waste to be identified.

Some printer manufacturers are offering options to lock down the printing environment as well. HP last autumn launched a new program that offers secure authentication for all online printers, as well as a management suite for identifying vulnerabilities, such as Java vectors. HP’s upgrade is primarily aimed at the healthcare vertical, where security and privacy compliance for patient records are always top-of-mind. The medical arena is far from paperless, with the printing of patient records still an endemic process. Thanks to those printers being more often than not connected to the LAN by IP, hackers have increasingly focused on the printing environment in order to intercept patient data, often unbeknownst to staff.

Even so, as ever, a multi-pronged strategy is always encouraged. “An organization’s information security strategy can only be as strong as its weakest link and, given the continued reliance on printing amongst many businesses, print security is no longer something they can choose to ignore,” the white paper authors said. “Although pull printing is one approach to minimising potential data loss through unsecured printing, print security demands a comprehensive approach that includes education, policy, and technology.”